Shane Coughlan, OpenChain General Manager, delivered a talk entitled 'How The Linux Foundation Standards For License Compliance And Security Will Fix Your Supply Chain' at FOSS North 2023 on 25 April 2023.
Formal Talk Outline
The OpenChain License Compliance (ISO/IEC 5230) and Security Assurance standards provide simple and effective ways for companies in the supply chain to improve open source software management. Organizations around the world have engaged with these standards over the last five years to reduce cost, save time and free staff to work on tasks directly related to improving products and services. Data suggests significant traction in adoption; for example, a recent PwC-sponsored survey found that 20% of German companies with more than 2,000 employees use ISO/IEC 5230. This talk will explain how the OpenChain Project is building the support structures needed to accomplish ever broader market adoption, ranging from community activities to reference material to a commercial ecosystem. It will focus on recent developments, especially the expanding work in security, the editing of the next generation of the standards, and the lessons learned that are being used to revise the supplier education material. Attendees will leave this talk knowing the current options for assessment and deployment, and, in the case of customer companies, for encouraging their suppliers to use these standards too.